PCI Basics for Small Merchants

In 2015 the PCI SSC created the Small Merchant Taskforce, a cross-industry consortium of payment
security experts, merchant groups and small merchant advocates, to create educational material and
suggested next steps to assess risk within a small business environment. The Taskforce drew from
their collective payment security and small merchant expertise to create PCI Data Security Essential
Resources for Small Merchants, a series of resources to help small merchants focus on essential
payment data security practices needed to protect payment data and reduce risk in their business
environment.

As part of that series, PCI SSC created PCI Firewall Basics, a one-page infographic providing
guidance on firewall configuration basics.

PCI QIR Certification and What it Means

Is Your Merchant and POS Provider QIR Certified?

Visa requires all merchants, including Level 4 merchants (small businesses), to have their payment processing devices and systems installed by a Qualified Integrator and Reseller (QIR). That means ensuring the EMV or chip reader and/or software used in your business is installed, maintained, and serviced by Qualified PCI Certified Technicians. Small businesses tend to be more susceptible to fraud and thus more at risk. According to Visa, since EMV adoption, credit card theft has dropped about 76%.

The Difference Between EMV and the Old Magnetic Swipe Process

Although an EMV (or chip) reader can be slightly slower than the old card swipe, it is safer for the cardholder and the merchant. This is because the magnetic strip once carried all of your account information, and it was easy to copy. The new chip technology creates a unique code which communicates that “this amount of money from this card was used for this transaction and this one only.” Because the chip generates a unique code for each transaction, captured information cannot be reused. Make sure you are using credit card terminals and/or software systems that already have this technology enabled.
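The replay protection described above, modelled as an added example that is not part of the original article. It is a simplified illustration using HMAC-SHA256, not the real EMV cryptogram algorithm; the class names, card number and key are constructed for the example.

```python
import hashlib
import hmac


def _mac(key, pan, amount, atc, nonce):
    # The code binds card, amount, per-card counter and terminal nonce together.
    msg = f"{pan}|{amount}|{atc}|{nonce}".encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


class ChipCard:
    """Toy chip: the key stays inside, only per-transaction codes leave."""

    def __init__(self, pan, key):
        self.pan, self._key, self._atc = pan, key, 0

    def pay(self, amount, nonce):
        self._atc += 1  # counter advances on every transaction
        return {"pan": self.pan, "amount": amount, "atc": self._atc,
                "nonce": nonce,
                "code": _mac(self._key, self.pan, amount, self._atc, nonce)}


class Issuer:
    def __init__(self):
        self._keys, self._last_atc = {}, {}

    def enroll(self, pan, key):
        self._keys[pan] = key

    def approve(self, txn):
        key = self._keys.get(txn["pan"])
        if key is None:
            return False
        want = _mac(key, txn["pan"], txn["amount"], txn["atc"], txn["nonce"])
        if not hmac.compare_digest(want, txn["code"]):
            return False  # a field was altered after the chip produced the code
        if txn["atc"] <= self._last_atc.get(txn["pan"], 0):
            return False  # counter already seen: a copied message was replayed
        self._last_atc[txn["pan"]] = txn["atc"]
        return True


def demo():
    pan, key = "4000000000000002", b"constructed-demo-key"  # constructed values
    card, issuer = ChipCard(pan, key), Issuer()
    issuer.enroll(pan, key)
    first = card.pay(1250, "t-001")
    altered = dict(card.pay(1250, "t-002"), amount=999900)
    return [issuer.approve(first), issuer.approve(first), issuer.approve(altered)]


if __name__ == "__main__":
    print(demo())
```

The genuine transaction is approved once; presenting the same message again, or changing its amount, is declined. Static magnetic-stripe data has no such counter or code, so a copy is indistinguishable from the original.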

Why do you need a QIR-certified Payment Provider to Install Your POS System? 

The biggest reason is securing your data. Only qualified professionals should install or troubleshoot your Point of Sale System or credit card terminals. This is where restaurants become vulnerable and open to malware. The POS goes down and someone does a quick fix or remotes in and leaves a firewall open or with an easy-to-hack password. Also, skimmers can be placed within a machine and sold to unsuspecting merchants, resulting in stolen information and potential fines.

The Payment Card Industry Security Standards Council (PCI SSC) has a certification for eligible resellers to give the business owner peace of mind. The customer’s information is secure when making transactions. In addition, the technicians installing and servicing your terminals are trained to do so with the most up-to-date standards, no matter the size of your company. 

PCI DSS recommends always checking your current or new providers to ensure they maintain the highest security standards. We make sure our team at Card Systems is PCI certified.  Even though filling out the form every year and doing a security scan can be painful at times with cameras and other connections in your business, it helps protect you and your customers. It is just common sense like closing your front door, locking it, and then checking it from time to time.

Search by country, region, or state on the PCI SSC Qualified Integrator & Reseller List.

TLS Security Is Important!

With all the recent stories about security breaches, you may be wondering what you can do to help secure your data and communications. Transport Layer Security, also known as TLS, is a protocol that provides privacy and data integrity between applications that communicate with each other. TLS is used to create a secure environment for web browsing, emailing, or other applications. Websites use TLS to keep all communication between their servers and web browsers secure. For organizations that store or process payment information, using TLS version 1.2 is a requirement of the Payment Card Industry Data Security Standard. This standard was created by the PCI Security Standards Council to protect cardholder data. No single security measure will fully protect your organization from data breaches, but implementing security protocols like TLS can reduce the chance of such threats.
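One way to check that a payment endpoint actually negotiates TLS 1.2, as an added example that is not part of the original article. The function names and the host in the usage line are hypothetical, and the check assumes versions newer than 1.2 (TLS 1.3) also satisfy the requirement.

```python
import socket
import ssl

PCI_FLOOR = ssl.TLSVersion.TLSv1_2  # minimum version named in the paragraph above
_ORDER = ["SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"]


def strict_client_context():
    """Client settings that refuse any handshake below TLS 1.2."""
    ctx = ssl.create_default_context()  # certificate and hostname checks stay on
    ctx.minimum_version = PCI_FLOOR
    return ctx


def meets_floor(version_name):
    """version_name is the string SSLSocket.version() returns, e.g. 'TLSv1.2'."""
    return (version_name in _ORDER
            and _ORDER.index(version_name) >= _ORDER.index("TLSv1.2"))


def check_endpoint(host, port=443, timeout=5.0):
    """Handshake with the server and report what was negotiated."""
    ctx = strict_client_context()
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                version = tls.version()
                return {"host": host, "ok": meets_floor(version),
                        "version": version, "cipher": tls.cipher()[0]}
    except (ssl.SSLError, OSError) as exc:
        # Covers refused connections, timeouts, bad certificates and servers
        # that only offer protocol versions below the floor.
        return {"host": host, "ok": False, "version": None, "error": str(exc)}


if __name__ == "__main__":
    # Hypothetical host name: replace with your own gateway or website.
    print(check_endpoint("payments.example.com"))
```

A result with `ok` set to `False` and an `error` mentioning the protocol version means the server could not agree on TLS 1.2 or newer and needs an update on the provider's side.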

How does your security impact your daily work day?

When it comes to your computer, your web browser may need to be updated. Whether you have Internet Explorer, Chrome, Firefox, etc., check to make sure your computer is installing these updates automatically. When it comes to your payment software, if it stops working, you may need to do an update or even upgrade your software. Contacting your software provider with any issues can be a big help. Some businesses run a standalone credit card terminal. If this stops working, you are going to want to contact your local sales office or merchant service provider, as you may need a new file to be downloaded into the terminal.

The goal of TLS procedures is security and efficiency. Are you wondering if your browser is supported? This link will show you a list of supported browsers:

https://www.ssllabs.com/ssltest/viewMyClient.html